In This Chapter
Understanding computer security audits
Learning a security test methodology
Reviewing host and network security
Appreciating vulnerability testing
Exploring different security testing tools
When you see the term audit, the odds are good you think of the kind involving taxes. In actuality, many types of audits exist, and one of them is a computer security audit. The purpose of a computer security audit, in its simplest form, is to test your system and network security. For larger organizations, an independent auditor (much like with the auditing of financial statements) can do the security audit. If you have only a few Linux systems or a small network, you can do the security audit as a self-assessment, just to figure out if you’re doing everything okay.
This chapter explains how to perform computer security audits and shows you a number of free tools and resources to help you test your system’s security. ...